HERMES_REGISTRATION_DOCUMENT_2017

3

CORPORATE GOVERNANCE

ETHICS – COMPLIANCE

ORGANISATION

Security Department;

3.2.2

s

s Audit and Risk Management Department.

The Personal Data Protection Committee’s role is to identify, launch and coordinate practical initiatives to comply with the European regulation of 27 April 2016 No. 2016/679, known as the General Data Protection Regulation (GDRD), which will come into force on 25 May 2018. Data Protection Officer A data protection officer has been appointed with the task of informing and advising the company on its legal and regulatory obligations with regard to personal data, and of monitoring data processing and ensuring its compliance with these obligations. The Data Protection Officer is the point of contact for people involved with data and for authorities tasked with the protection of personal data. The position is part of the Group Legal Department, reporting to the ExecutiveVicePresident,GovernanceandDevelopmentofOrganisations, member of the Executive Committee, who in turn reports to the Group’s Executive Chairman. 3.2.2.4 3.2.3.1 Corruption Corruption goes against the values of the Hermès Group. Fighting cor- ruption is everyone’s business. The Group has a dual requirement: zero tolerance for breaches of probity on the one hand, and a determined commitment to an ethical culture on the other. Fighting corruptionmeans creating an ethical culture that informs all of our policies, actions and decisions where lack of probity has no place. To this end, Hermès undertakes to respect all laws and principles in this area, particularly in the countrieswhere it operates. Hermeswill continue to apply a firm policy against any offending behaviour. To meet the requirements of French Law 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the moder- nisation of economic life (known as Sapin II ), the Hermès Group has appointed a Compliance and Public Affairs Legal Director, established a Compliance and Vigilance Committee and implemented an action plan to reinforce strict compliance with existing procedures. Vigilance In accordance with French Law 2017-399 of 27 March 2017, the Hermès Group has drawn up a reasonable vigilance plan designed to identify risks and prevent serious harm in respect of human rights and fundamental freedoms, employee health and safety and the environ- ment resulting from its activities and the activities of subcontractors and suppliers. Mitigation and prevention mechanisms in relation to these risks are addressed specifically in section 66 regarding employees and 100 as regards suppliers. 3.2.3.2 3.2.3 IMPLEMENTATION

3.2.2.1 Chief Compliance Officer A Director of Legal Compliance and Public Affairs was appointed on 1 September 2017, with the task of identifying, evaluating and control- ling the risks towhich theHermèsGroup is exposed, verifying compliance with the various laws and regulations, and ensuring the implementation and updating of compliance programmes, in close cooperation with the Group’s various departments. This position reports to the Group’s Chief Legal Officer, who reports to the Executive Vice President, Governance andDevelopment of Organisations,member of theExecutiveCommittee, who in turn reports to the Group’s Executive Chairman. Compliance and Vigilance Committee A Compliance and Vigilance Committee has been created, and is com- posed of the following functions: 3.2.2.2

s Director of Legal Compliance and Public Affairs

Group Legal Director

s

Audit and Risks Director

s

s Sustainable Development Director

s Consolidation and Management Control Director

Labour Relations Director

s

s Group Direct Purchasing Coordination Manager

s Group Indirect Purchasing Manager

s Group Retail Activities Director. The Compliance and Vigilance Committee meets regularly. Its chief pur- pose is to draw up compliance standards and to design and implement measures to monitor suppliers as well as to track and prevent fraud and corruption at all Group entities in France and internationally, in particular through awareness and training campaigns for staff most at risk. Generally speaking, the Compliance and Vigilance Committee is tasked with: s providing expertise by analysing regulatory and legislative requirements;

s fostering a culture of compliance;

s ensuring coordination and consistency; s adapting the Group’s policies in this area.

3.2.2.3 Personal Data Protection Committee A Personal Data Protection Committee has been created, composed of employees from the following departments, the Information Systems Security Manager and the Data Protection Officer:

Group Legal Department;

s

s Group Human Resources Department; s Digital Projects & E-commerce Department;

s Group Retail Activities Department;

178

2017 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL